<?php
  include('header.php');
  include('functions.php');
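  /*
   * Admin page: create a forum category.
   *
   * GET  - renders the "new category" form with a parent-category selector.
   * POST - validates the submitted fields and inserts a row into
   *        {$table_prefix}categories.
   *
   * $db, $table_prefix, convEnt2() and the $l_* / $fpermission* language
   * strings are expected to come from header.php / functions.php.
   *
   * NOTE(review): this state-changing admin form carries no anti-CSRF token;
   * add a per-session token check before the INSERT.
   * NOTE(review): the mysql_* functions used below belong to the legacy mysql
   * extension (removed in PHP 7); parameterised queries via PDO/mysqli are the
   * long-term fix, but the $db wrapper's API is not visible here.
   */
  // NOTE(review): the heading below uses $l_create_cat while the title uses
  // $l_create_category - confirm both language strings exist.
  $pageTitle = "$l_create_category";
  $hide_footer = 1;
  echo '<hr/><br/><h2>' . $l_create_cat . '</h2><br/>';

  // Logical operators instead of the original bitwise "|"; empty()/isset()
  // also deny access when the session keys are missing altogether.
  $isAdmin = !empty($_SESSION['signed_in'])
      && isset($_SESSION['user_level'])
      && $_SESSION['user_level'] == 1;

  if (!$isAdmin) {
      //the user is not an admin
      echo $l_error_noright;
  } else {
      //the user has admin rights
      if ($_SERVER['REQUEST_METHOD'] != 'POST') {
          // One query for every category; parents and children are grouped
          // in PHP. The original re-ran a child query per parent and read
          // $result2 before it was assigned when the first row was a child.
          $result = $db->query("SELECT cat_id, cat_name, cat_description, cat_parent, cat_child FROM " . $table_prefix . "categories");

          $roots = array();
          $childrenByParent = array();
          while ($row = $db->fetch_array($result, 'assoc')) {
              $rowParent = (int) $row['cat_parent'];
              if ($rowParent === 0) {
                  $roots[] = $row;
              } elseif ($rowParent > 0) {
                  $childrenByParent[$rowParent][] = $row;
              }
          }

          // Optional pre-selection from ?f=<id>; -1 never matches a row.
          $preselect = (isset($_GET['f']) && is_scalar($_GET['f'])) ? (int) $_GET['f'] : -1;

          //the form hasn't been posted yet, display it
          echo '<div align="center"><table style="width:450px;" border=1><tr><td align="left"><form method="post" action="">';
          echo '<select name="forum_cat">';
          echo '<option value = "0">-root-</option>';
          foreach ($roots as $root) {
              $rootId = (int) $root['cat_id'];
              $selected = ($rootId === $preselect) ? 'selected' : '';
              // NOTE(review): cat_name is echoed as stored. That is only safe
              // if convEnt2() entity-encodes it at write time - confirm, or
              // escape here with htmlspecialchars().
              echo '<option ' . $selected . ' value="' . $rootId . '">' . $root['cat_name'] . '</option>';
              if (isset($childrenByParent[$rootId])) {
                  foreach ($childrenByParent[$rootId] as $child) {
                      // Sub-categories are listed but cannot be chosen as a parent.
                      echo '<option disabled="disabled" value = ' . (int) $child['cat_id'] . '>&nbsp;|- > ' . $child['cat_name'] . '</option>';
                  }
              }
          }
          // Closing tags put back in nesting order (was </tr></td></select>).
          echo '</select><br /></td></tr>';

          echo '  <tr><td align="left"><br /><b>' . $l_cat_name . ':</b> <br /><input type="text" name="cat_name" /><br /><br /></td></tr><tr><td>
      <b>' . $l_cat_desc . ':</b><br /> <textarea name="cat_description" style="width:300px;height:100px;"></textarea><br /><br /></td></tr><tr><td>
      <b>' . $fpermission . '</b><br> <select name = "forum_permission">
<option value = "1">' . $fpermission_all . '</option>
<option value = "2">' . $fpermission_reg . '</option>
<option value = "3">Only moderators</option>
<option value = "4">' . $fpermission_locked . '</option>
</select><br /><br /></td></tr><tr><td>
<br/><b>' . $fpermission_icon . '</b><br/><input type="text" name="forum_icon" value="forum_icon.png"/>
<br /><br /></td></tr><tr><td>


      <input class="inputButton" type="submit" value="' . $l_add_cat . '" />
     </form></td></tr></table></div><br /><br /><br /><br /><br /><br /><br />';
      } else {
          // Read every field defensively: a missing key or an array value
          // (e.g. cat_name[]=x) becomes an empty string / 0.
          $rawName = (isset($_POST['cat_name']) && is_string($_POST['cat_name'])) ? $_POST['cat_name'] : '';
          $rawDesc = (isset($_POST['cat_description']) && is_string($_POST['cat_description'])) ? $_POST['cat_description'] : '';
          $rawIcon = (isset($_POST['forum_icon']) && is_string($_POST['forum_icon'])) ? $_POST['forum_icon'] : '';

          // mysql_real_escape_string() only protects values that sit inside
          // quotes. These two are used as bare numbers in the SQL below, so
          // they are cast to int instead.
          $parentId = (isset($_POST['forum_cat']) && is_scalar($_POST['forum_cat'])) ? (int) $_POST['forum_cat'] : 0;
          $permission = (isset($_POST['forum_permission']) && is_scalar($_POST['forum_permission'])) ? (int) $_POST['forum_permission'] : 0;

          if (strlen($rawName) < 4) {
              // The permission is echoed as an integer, never as raw request data.
              echo "<div align='center'>$l_error_write_ftitle</div> " . $permission . "";
          } elseif (!in_array($permission, array(1, 2, 3, 4), true)) {
              // Only the four levels offered by the form are accepted.
              echo "<div align='center'>$l_error</div>";
          } else {
              $parentResult = $db->query("SELECT cat_parent FROM " . $table_prefix . "categories WHERE cat_id = " . $parentId);
              $parentRow = $db->fetch_array($parentResult, 'assoc');

              if ($parentRow && $parentRow['cat_parent'] != 0) {
                  // The chosen parent is itself a sub-category.
                  echo "<div align='center'>$l_error_select_subf</div>";
              } else {
                  // Escaping is the LAST step before the value reaches the
                  // query, so nothing convEnt2() produces can undo it.
                  // NOTE(review): convEnt2() is defined outside this file;
                  // it presumably entity-encodes the text - confirm.
                  $cat_name = mysql_real_escape_string(convEnt2(str_replace('%69%66%72%61%6D%65', 'iframe', $rawName)));
                  $cat_desc = mysql_real_escape_string(convEnt2(str_replace('%69%66%72%61%6D%65', 'iframe', $rawDesc)));
                  // NOTE(review): the icon is only escaped for SQL here;
                  // validate it as a plain file name wherever it is rendered.
                  $cat_icon = mysql_real_escape_string($rawIcon);

                  //the form has been posted, so save it
                  $result = $db->query("INSERT INTO " . $table_prefix . "categories(cat_name, cat_description, cat_icon, cat_parent,cat_permission)  VALUES('" . $cat_name . "',  '" . $cat_desc . "','" . $cat_icon . "'," . $parentId . "," . $permission . ")");

                  if (!$result) {
                      //something went wrong, display the error
                      // Checked straight after the INSERT so mysql_error()
                      // refers to it; the text is escaped because it can
                      // quote parts of the submitted values.
                      echo $l_error . htmlspecialchars(mysql_error(), ENT_QUOTES);
                  } else {
                      echo "<hr/><br><div align='center'>" . $l_new_cat_add . "<a href='create_cat.php'><br/>$l_back_to_prev</a><br/><br/><a href ='index.php'>$l_back_to</a><br/><br/></div>";
                  }
              }
          }
      }
  }
  if ($hide_footer < 1) {
      include 'footer.php';
  }
  // Get all the page's HTML into a string
  // (output buffering is presumably started in header.php - TODO confirm)
  $pageContents = ob_get_contents();
  // Wipe the buffer
  ob_end_clean();
  echo str_replace('<!--TITLE-->', $pageTitle, $pageContents);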
?>
